CSP #1 | SC Media
Encryption, Container security, Cloud security, Attack surface mgmt, Configuration management

CSP #1

February 9, 2021

Sponsored By
Visit https://www.cybereason.com/cisostories for more information!

CISOs today have varied tenures at organizations depending upon their ability to master learning the business of the organization. Join this podcast to learn how to translate information security technical issues into a business-focused language and determine the right amount of technical language to share with executives.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_MischelKwon_CCExtract.pdf

Kwon, M. 2019. Communicating Security Progress and Needs with Business-focused Leadership. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 30. Fitzgerald, T. CRC Press, Boca Raton, Fl.

To purchase the book: www.amazon.com/author/toddfitzgerald.

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

Telling Scary Stories to the Board? Stop. Here’s Why.

Guests

Mischel Kwon

Mischel Kwon – CEO at [email protected], LLC

Mischel Kwon is the founder and CEO of [email protected] She brings a rare blend of hands-on experience, academic research and training, and a seasoned understanding of how to build security operations organizations from inception. Mischel has more than 35 years of broad IT and security experience, ranging from application design and development, to network architecture and deployment, to building and implementing security operations centers, as she did when she built the first Justice Security Operations Center (JSOC) to monitor and defend the Department of Justice network against cyber threats while serving as the Deputy Director for IT Security Staff at the United States Department of Justice.

Hosts

Todd Fitzgerald

Todd Fitzgerald – Vice President, Cybersecurity Strategy at Cybersecurity Collaborative

@securityfitz

Todd Fitzgerald has built Fortune 500/large company information security programs for 20 years. Todd serves as VP, Cybersecurity Strategy and Chairman of the Cybersecurity Collaborative Executive Committee, was named 2016–17 Chicago CISO of the Year, ranked Top 50 Information Security Executive, authored 4 books including #1 Best Selling and 2020 CANON Hall of Fame Winner CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers (2019), ground-breaking CISO Leadership: Essential Principles for Success, as well as contributions to a dozen others. Todd held senior leadership positions at Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, WellPoint (Anthem) Blue Cross Blue Shield/ National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.

Petri Kuivala, CISO at NXP Semiconductors, recounts his journey from municipal police officer to cybercrimes unit investigator to Chief Information Security Officer during the early days when security was largely an afterthought.

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

Doing Security Before Security Was a Career Path

Guests

Petri Kuivala

Petri Kuivala – CISO at NXP Semiconductors

Long-time Cyber Security professional, first CISO of Nokia (2009), Start-up coach for a few Cyber Security & Privacy companies. Active sports and family man 🙂

Hosts

Sam Curry

Sam Curry – Chief Security Officer at Cybereason

@samjcurry

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.

Never in history has the cyber defender had access to so many technologies and tools to defend our companies. This has created the “Fog of More”, making the choices difficult to manage. Join the former 35-year NSA software vulnerability analyst and executive manager, and innovator of community-based controls sharing, as he discusses how the CIS controls can be used effectively to manage our environments.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_TonySager_CCExtract.pdf

Sager, T. 2019. Jumpstarting Controls Prioritization Within a Control Framework. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 246. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

Is There a Magic Security Control List?

Guests

Tony Sager

Tony Sager – Senior Vice President & Chief Evangelist at Center for Internet Security

Tony Sager is a Senior VP for the Center for Internet Security. He led the development of the CIS Controls, a community consensus project to identify and support best practices in cybersecurity. His “volunteer army” identifies practices that will stop the vast majority of attacks seen today, and he leads projects that will share, scale, and sustain these practices for worldwide adoption.

Tony retired from the National Security Agency in 2012 after 34 years as a mathematician, software vulnerability analyst, and executive manager. Tony oversaw all NSA Red and Blue Teams, as well as all security product evaluation teams. He helped guide the Agency’s top talent development programs, and founded the Vulnerability Analysis and Operations Group (NSA’s premier technical organization in defense).

Hosts

Todd Fitzgerald

Todd Fitzgerald – Vice President, Cybersecurity Strategy at Cybersecurity Collaborative

@securityfitz

Hopefully you won’t have to hire a lawyer to defend yourself against a government regulator. What happens when the Federal Trade Commission or other powerful body accuses your company of wrongdoing which you do not feel you were responsible for? Join this podcast and hear how the owner of a small company decided to take on the FTC and how he went about choosing a lawyer. The answers will surprise you and provide some useful tips for choosing a lawyer.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_MichaelJDaugherty_CCExtract.pdf

Daugherty, M. 2019. Finding the Right Lawyer to Defend Your Company. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 337. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

He Fought the FTC Over a Breach & Won

Guests

Michael Daugherty

Michael Daugherty – CEO at LabMD

@DaughertyMJ

Mike Daugherty is the CEO of LabMD, a cancer testing laboratory, and Founder of The Justice Society. A graduate of The University of Michigan, Mike was a surgical healthcare entrepreneur for over twenty years marketing implantable medical devices. In 1996 he founded LabMD. He has spent most of the last decade defending his company against charges that it had deficient cybersecurity practices. (https://www.bloomberg.com/features/2016-labmd-ftc-tiversa/)

Hosts

Todd Fitzgerald

Todd Fitzgerald – Vice President, Cybersecurity Strategy at Cybersecurity Collaborative

@securityfitz

Tatu Ylönen, SSH founder and inventor of Secure Shell, discusses the genesis for the protocol and his keen interest in the application of technological solutions to fundamental cybersecurity challenges…

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

Necessity is the Mother of Security

Guests

Tatu Ylonen

Tatu Ylonen – Founder at SSH Communications Security

@tjssh

Tatu wrote the original SSH (Secure Shell) implementation and has worked in security for over 20 years. His other interests include artificial intelligence and natural language processing.

Hosts

Sam Curry

Sam Curry – Chief Security Officer at Cybereason

@samjcurry

All disciplines need to be able to demonstrate added value and track the ability to improve upon the current practices. The board, technical management, auditors, and engineers may each need a different view of the security initiatives performed. Join this podcast to learn how different metrics can be applied to different groups so each can improve their performance over time.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Edward_Marchewka_Article.pdf

Marchewka, E. 2019. Security Metrics to Measure Program Effectiveness. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 167. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

Stop Reporting Useless Security Metrics!!

Guests

Edward Marchewka

Edward Marchewka – Founder at CHICAGO Metrics

@ejmarchewka

Edward is the Founder and Creator of CHICAGO Metrics®, a platform to help manage your company’s key IT and Information Security risks enabling you to tell a better story. He also serves as the VP of IT and Quality Services, & Strategic Planning for Gift of Hope Organ & Tissue Donor Network.

Before joining Gift of Hope Edward was the Enterprise Information Security and Server Operations Manager (CISO) for Chicago Public Schools, the third-largest school district in the country. Edward holds active certifications from: (ISC)2, ASQ, ITIL, PCI, PMI, Microsoft, and CompTIA. He is a member of (ISC)2, PMI, ASQ, AITP, ISACA, SIM, and President Emeritus of the InfraGard Chicago Members Alliance.

Hosts

Todd Fitzgerald

Todd Fitzgerald – Vice President, Cybersecurity Strategy at Cybersecurity Collaborative

@securityfitz

Healthcare security today is much more complex with integrated clinical systems and connected community networks. No longer are the medical records stored with a single provider. Join this podcast to learn how one Healthcare CISO is forging relationships and having the appropriate risk-based discussions at the right levels to address the challenge. 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Erik_Decker_Article.pdf

Decker, E. 2019. Healthcare Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 106. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

Effective Health Care Security is More Than HIPAA!!

Guests

Erik Decker

Erik Decker – AVP & CISO at Intermountain Healthcare

@ErikDecker13

Erik Decker is a Healthcare CISO with 21 years of IT experience and 15 years within Information Security. He is the industry lead of the HHS CSA 405(d) Task Group and responsible for the development of the Health Industry Cybersecurity Practices (HICP) publication, which was recently designated as a “recognized cybersecurity practice” within PL 116-321, which amended HIPAA/HITECH. He is also a member of the Executive Council of the Health Sector Coordinating Council, a joint public-private partnership group tasked with protecting Critical Infrastructure, as defined under the National Infrastructure Protection Plan.

Hosts

Todd Fitzgerald

Todd Fitzgerald – Vice President, Cybersecurity Strategy at Cybersecurity Collaborative

@securityfitz

Will Lin, founding team member at ForgePoint Capital and co-creator of the CISO community Security Tinkerers, discusses his passion for technology and how it led him to a career helping security companies launch, as well as his work supporting CISOs through collaboration and knowledge sharing.

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

Passion for Solving Problems is Key to Security

Guests

Will Lin

Will Lin – Managing Director & Co-Founder at ForgePoint Capital

@williamlin

Will is a member of the ForgePoint founding team and has been involved in every aspect of the firm’s evolution. Since ForgePoint Capital’s founding in 2015, Will has risen from Vice President to Managing Director in five years—a meteoric career advancement. As Managing Director, he is a senior member of the team responsible for leading investments, growing the members of the investment team, expanding the trusted network of industry relationships and supporting fundraising efforts. He started his career at Citi’s Investment Banking Group and subsequently joined Trident Capital where he supported investments in cybersecurity and infrastructure software. Will currently serves on the boards of Attivo Networks, Bishop Fox, Concourse Labs, LoginRadius, Remediant, Symmetry Systems, Uptycs and an unannounced company.

Hosts

Sam Curry

Sam Curry – Chief Security Officer at Cybereason

@samjcurry

We have limited investment dollars and therefore must ensure we are protecting the right assets. The practical side of determining “what” needs to be protected and “how” is a convoluted maze of academics, taxonomies, frameworks, and inconsistent approaches. Here we discuss 5 critical elements to make a difference by developing an effective Critical Asset Protection Program (CAPP).

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_RolandCloutier_Article.pdf

Cloutier, R. 2019. Critical Cyber Asset Protection Planning—Learning Concepts and Operational Imperatives for Protecting What Needs to be Protected. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs 148-150. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

Just Fix It: 5 Critical Elements to Protect the Right Assets

Guests

Roland Cloutier

Roland Cloutier – Global Chief Security Officer at TikTok

@CSORoland

As Global Chief Security Officer of ByteDance & TikTok, Roland Cloutier brings an unprecedented understanding and knowledge of global protection and security leadership to one of the world’s largest leading media, social, and online technology companies. With over 25 years of experience in the military, law enforcement, and commercial sector, Roland is one of today’s leading experts in corporate and enterprise security, cyber-defense program development, and business operations protection.

Roland has functional and operational responsibility for cyber, information protection, data defense, operational risk, workforce protection, crisis management, and investigative security operations worldwide.

Prior to ByteDance / TikTok, Roland served 10 years as Corporate Vice President and Global Chief Security Officer at ADP, a global provider of comprehensive payroll services and human resources management solutions spanning more than 120 countries across the globe.

Prior to ADP, Roland served as Vice President and CSO of EMC, was a United States Air Force Combat Security Specialist, and an Aerospace Protection and Anti-Terrorism Specialist for the Department of Defense. He also specialized in fraud and healthcare crime as part of the United States Department of Veterans Affairs.

Roland continues to lead by example in the development of the security industry through practitioner excellence. He was most recently honored as the RSA Conference 2016’s Excellence in the Field of Information Security Award Winner. He was also named the #1 Security Executive of the Year by ExecRank, Tech Exec Networks’ Information Security Executive of the Year, and one of the Most Influential People in Security by Security Magazine.

Paving the way for the world’s next generation of security leaders, Roland is also the distinguished author of his book, ‘Becoming a Global Chief Security Executive Officer’ where he shares his expertise on how to advance the practice of security executive management, security program architecture and how to effectively plan for the future demands of leadership in global security.

Roland is a member of the Executive Security Action Forum, The Security World 50, and serves on the Board of Directors Cyber Subcommittee for Blue Cross Blue Shield Association, the Board of The International Consortium of Minority Cybersecurity Professionals (ICMCP), and the Board of The National Cyber Forensics Training Alliance (NCFTA). As a U.S. Air Force veteran, he takes the time to give back and volunteer for veteran organizations such as the American Legion, and 100 Nights of Remembrance.

Hosts

Todd Fitzgerald

Todd Fitzgerald – Vice President, Cybersecurity Strategy at Cybersecurity Collaborative

@securityfitz

Today most organizations have some of the processing in the cloud. As data moves farther away from the physical control of the organization, this movement provides opportunities of scale, flexibility, and speed. Join this podcast to learn how to use appropriate controls to manage this cloud environment.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Jim_Reavis_Article.pdf

Reavis, J. 2019. Building a Bridge to the Future with Cloud Controls Matrix. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 243. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

https://cloudsecurityalliance.org/

https://cloudsecurityalliance.org/education/ccak/

https://cloudsecurityalliance.org/research/cloud-controls-matrix/

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

CISOs Cross the Bridge to the Cloud

Guests

Jim Reavis

Jim Reavis – CEO at Cloud Security Alliance

For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.

Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association (ISSA) Hall of Fame.

Hosts

Todd Fitzgerald

Todd Fitzgerald – Vice President, Cybersecurity Strategy at Cybersecurity Collaborative

@securityfitz

We want to trust our employees and contractors working within our organizations. For the most part, people are doing their jobs with integrity every day. What happens when an employee decides to leave the organization and start their own business – with our Intellectual property or customer lists? Or when an employee downloads material to work at home? Join this podcast to learn how to build an insider risk program to mitigate these threats.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Dawn_Cappelli_Article.pdf

Cappelli, D. 2019. Mitigate the Risk of Insiders Stealing Company Confidential Information. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 187. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Full Episode Show Notes

No Insider Cybersecurity Risk? Guess Again!

Guests

Dawn Cappelli

Dawn Cappelli – VP Global Security and CISO at Rockwell Automation

@DawnCappelli

Dawn Cappelli is Vice President, Global Security and Chief Information Security Officer at Rockwell Automation. She is responsible for developing and executing a holistic cybersecurity strategy to ensure that Rockwell Automation and the Connected Enterprise Ecosystem – the company’s infrastructure, products, and customers – are safe, secure, and resilient. She is also responsible for Global Security programs, including physical security, executive protection, workplace violence prevention, and crisis management. Cappelli became CISO in 2016. She came to Rockwell Automation in 2013 as Director, Insider Risk, and built the company’s Insider Risk Program to mitigate threats from individuals within the company or trusted third parties who might steal information, sabotage infrastructure or products, or violate physical security controls. The Rockwell Automation Insider Risk Program was awarded the Global Team Leadership award by the Society of Women Engineers in 2016.

Before Rockwell Automation Cappelli was Founder and Director of Carnegie Mellon’s CERT Insider Threat Center, where she was recognized as one of the world’s leaders in insider threat mitigation, and has worked with government and industry leaders on national strategy issues. Before that she developed software for nuclear power plants for Westinghouse, and for Carnegie Mellon. She co-authored the book “The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)”, which was inducted into the Cybersecurity Canon – a list of must-read books for all cybersecurity practitioners.

Cappelli is a Certified Information Systems Security Professional (CISSP). She holds a BS in Computer Science and Mathematics from the University of Pittsburgh, is co-founder of the Open Source Insider Threat (OSIT) information sharing group, and is a member of the RSA Conference Advisory Board and Program Committee, the Cybersecurity Collaborative Executive Committee, and the CyberWire Hash Table. She was honored as a member of the 2020 Global CISO 100 and was named Pittsburgh CISO of the Year in 2018.

Hosts

Todd Fitzgerald

Todd Fitzgerald – Vice President, Cybersecurity Strategy at Cybersecurity Collaborative

@securityfitz
